Greetings all. I’m in the process of switching over as much / all of any existing usage I have with snaps to flatpaks. I went to do that this morning for Bitwarden when I found the page I was surprised and impressed that the publisher was listed as 8bit Solutions, LLC.
But because it’s my password keeper I was not willing to take that on face value so I had to do some digging.
There is no reference (that I could find) on their download page to the Flatpak. Further it does not appear as though anyone from 8bit Solutions, LLC. is “approving” merges into the repo that builds the Flatpak. Further it uses some common, shared libraries submodule that is also not in anyway managed by 8bit Solutions LLC.
I think saying that the publisher for that Flatpak is at best incorrect and at worst dangerous.
I think it should be listed as Flatpak Community for 8bit Solutions LLC or there should be two entries on that page: package creator (Flatpak Community) and content originator (8bit Solutions LLC). Or something along those lines.
RIght, hence my follow-on comment that perhaps it should all be more prominent and distinctive. I agree that currently all the necessary information is there.
Also, looking at beta.flathub.org I would say at least currently it’s worse. At the very top under the Flatpak name is the “byline” and it lists 8bit Solutions LLC.
You have to read the last line of the description to understand that this is not softwrae 8bit Solutions LLC made directly.
My opinion is this is a disservice to Flatpak/Flathub. It should be prominent, distinctive and easy to discern that this is a community support Flatpak and not a publisher supported Flatpak. If you wanted to take a common idea you could use “verified checkmarks”.
AFAIK, Jami developers don’t publish officially over Flathub (I hope they did, but not until now), and the beta.flathub page seems to not being indicating that anywhere. Certainly it would be nice to have a simple way to know if the app is officially released through Flathub or it’s instead a community compilation, let’s say.
Nothing serious, just sort of convenient, I guess.
Kind regards and thanks a lot for your lovely work!
This thread id a bit dated but as the issue came up I looked around and saw this thread and this comment and thought I’d add to it.
I took a look at the beta site, and the “verified” check is SUPER helpful BUT the caveat is, for noobs at least there is no “unverified” so as I think many (most?) apps are not verified because they are community contributions one doesnt that verified/unverified is even an option.
For example, I got to the “itch” app on flathub and there is a bit of text that said “NOTICE: This package is not verified by, affiliated with, or supported by itch.io.” but if a user say (like myself) sees the title, then goes right down to info table (installed size, help, license, etc) it says things like:
The vast majority of the information on the page gives the appearance of being from itch.io.
So that is to say, at least letting users know, by the title (where the verified mark is for verified apps) that there be some text that indicates the package is not verified (“unverified” seems logical?).
Also, it’d be nice to have the ability to filter by verified/unverified - if I had the option of installing two similar apps and verified was important to me it would be pretty nice to have to option to show just verified results.